[Resolved] Vundo Virus


  • This topic is locked
19 replies to this topic

#16 boogiewoogie


    New Member

  • 11 posts

Posted 21 June 2008 - 11:06 PM

Hi,

Here are the logs. I have also installed and am running Kaspersky Internet Security to avoid this in the future.

ComboFix 08-06-12.2 - Owner 2008-06-20 12:46:56.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.267 [GMT -4:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AVP
-------\Service_AVP


((((((((((((((((((((((((( Files Created from 2008-05-20 to 2008-06-20 )))))))))))))))))))))))))))))))
.

2008-06-19 03:04 . 2008-06-19 03:18 96,966 --a------ C:\WINNT\system32\drivers\klin.dat
2008-06-19 03:04 . 2008-06-19 03:18 88,774 --a------ C:\WINNT\system32\drivers\klick.dat
2008-06-19 03:03 . 2008-06-19 03:03 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-06-17 03:06 . 2008-06-17 03:06 <DIR> d-------- C:\WINNT\55A6283C638A4EE0B49151118554BDA2.TMP
2008-06-15 14:50 . 2008-06-13 09:10 272,128 -----c--- C:\WINNT\system32\dllcache\bthport.sys
2008-06-15 14:50 . 2008-05-08 08:28 202,752 -----c--- C:\WINNT\system32\dllcache\rmcast.sys
2008-06-14 22:10 . 2008-06-14 22:10 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-14 22:10 . 2008-06-14 22:10 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-06-14 22:10 . 2008-06-14 22:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-14 22:10 . 2008-06-10 19:02 34,296 --a------ C:\WINNT\system32\drivers\mbamcatchme.sys
2008-06-14 22:10 . 2008-06-10 19:02 15,864 --a------ C:\WINNT\system32\drivers\mbam.sys
2008-06-13 01:30 . 2008-03-25 02:37 69,632 --a------ C:\WINNT\system32\javacpl.cpl
2008-06-13 00:49 . 2008-06-13 00:49 <DIR> d----c--- C:\VundoFix Backups
2008-06-10 23:00 . 2008-06-10 23:00 <DIR> d----c--- C:\kav
2008-06-10 22:26 . 2008-06-10 22:26 9,662 --a------ C:\WINNT\system32\pinkip.ico
2008-06-10 18:25 . 2008-06-10 18:25 13,942 --a------ C:\WINNT\system32\iphone-011.ico
2008-06-10 06:53 . 2002-08-13 13:25 <DIR> d-------- C:\Documents and Settings\Administrator.AZ\Application Data\Symantec
2008-06-10 06:53 . 2002-08-13 13:20 <DIR> d-------- C:\Documents and Settings\Administrator.AZ\Application Data\InterTrust
2008-06-10 06:53 . 2008-06-10 07:27 <DIR> d-------- C:\Documents and Settings\Administrator.AZ
2008-06-10 02:34 . 2008-06-10 02:38 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-06-05 18:54 . 2008-06-10 04:14 <DIR> d-------- C:\WINNT\system32\NMP
2008-06-04 01:33 . 2008-06-04 01:33 <DIR> d-------- C:\WINNT\system32\Kaspersky Lab
2008-06-03 23:06 . 2008-06-03 23:06 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Talkback
2008-06-03 20:11 . 2008-06-03 20:11 2,640 --a------ C:\WINNT\system32\settings.aaw
2008-06-03 20:11 . 2008-06-03 20:11 1,584 --a------ C:\WINNT\system32\history.aaw
2008-06-03 16:39 . 2008-06-03 16:39 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-06-03 16:29 . 2008-06-19 00:54 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-03 15:58 . 2008-06-11 02:26 10,671 --a------ C:\WINNT\system32\drivers\SYMEVENT.CAT
2008-06-03 15:58 . 2008-06-11 02:26 805 --a------ C:\WINNT\system32\drivers\SYMEVENT.INF
2008-06-03 15:57 . 2008-06-19 00:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-31 06:56 . 2008-06-20 12:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-31 06:56 . 2008-06-20 12:59 1,345,824 --ahs---- C:\WINNT\system32\drivers\fidbox.dat
2008-05-31 06:56 . 2008-06-20 12:55 51,488 --ahs---- C:\WINNT\system32\drivers\fidbox2.dat
2008-05-31 06:56 . 2008-06-20 12:54 19,076 --ahs---- C:\WINNT\system32\drivers\fidbox.idx
2008-05-31 06:56 . 2008-06-20 12:54 5,852 --ahs---- C:\WINNT\system32\drivers\fidbox2.idx
2008-05-31 06:01 . 2008-05-31 06:01 <DIR> d-------- C:\Program Files\Lavasoft
2008-05-31 06:01 . 2008-05-31 06:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-31 06:00 . 2008-05-31 06:00 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-31 01:32 . 2008-05-31 01:32 335 --a------ C:\WINNT\mozregistry.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-19 07:25 112,144 ----a-w C:\WINNT\system32\drivers\kl1.sys
2008-06-13 13:10 272,128 ----a-w C:\WINNT\system32\drivers\bthport.sys
2008-06-13 05:30 --------- d-----w C:\Program Files\Java
2008-06-06 01:18 --------- d-----w C:\Program Files\microsoft frontpage
2008-05-31 06:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-15 05:35 --------- d-----w C:\Program Files\FreeFTP
2008-05-08 12:28 202,752 ----a-w C:\WINNT\system32\drivers\rmcast.sys
2008-05-08 02:25 --------- d-----w C:\Program Files\GameSpy Arcade
2008-04-29 15:20 15,648 ----a-w C:\WINNT\system32\drivers\NSDriver.sys
2008-04-29 15:19 15,648 ----a-w C:\WINNT\system32\drivers\Awrtrd.sys
2008-04-29 15:19 12,960 ----a-w C:\WINNT\system32\drivers\Awrtpd.sys
2008-04-23 04:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Retrospect
2006-03-10 19:47 389,120 ----a-w C:\Documents and Settings\Owner\remote.exe
2003-09-01 22:32 1,568 ----a-w C:\Documents and Settings\Owner\Application Data\mpauth.dat
2003-06-22 07:22 62,400 ----a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( snapshot_2008-06-19_ 1.48.24.56 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-19 05:04:37 2,048 --s-a-w C:\WINNT\bootstat.dat
+ 2008-06-20 16:55:43 2,048 --s-a-w C:\WINNT\bootstat.dat
- 2008-04-14 11:01:02 272,128 ------w C:\WINNT\Driver Cache\i386\bthport.sys
+ 2008-06-13 13:10:50 272,128 ------w C:\WINNT\Driver Cache\i386\bthport.sys
- 2008-06-06 01:16:02 32,768 ----a-w C:\WINNT\system32\config\systemprofile\Cookies\index.dat
+ 2008-06-20 02:26:36 32,768 ----a-w C:\WINNT\system32\config\systemprofile\Cookies\index.dat
- 2008-06-06 01:16:02 32,768 ----a-w C:\WINNT\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-06-20 02:26:36 32,768 ----a-w C:\WINNT\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-06-06 01:16:02 49,152 ----a-w C:\WINNT\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-06-20 02:26:36 49,152 ----a-w C:\WINNT\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-12-28 23:51:04 195,344 ----a-w C:\WINNT\system32\drivers\klif.sys
+ 2007-12-13 17:28:40 24,592 ----a-w C:\WINNT\system32\drivers\klim5.sys
+ 2008-02-08 22:35:42 23,604 ----a-w C:\WINNT\system32\drivers\klopp.dat
+ 2008-02-08 22:37:44 219,664 ----a-w C:\WINNT\system32\klogon.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINNT\system32\ctfmon.exe" [2004-08-04 03:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Hot Key Kbd 9910 Daemon"="SK9910DM.EXE" [2001-01-03 15:50 66048 C:\WINNT\system32\SK9910DM.EXE]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-30 22:10 344064]
"WD Button Manager"="WDBtnMgr.exe" [2005-01-13 22:02 331776 C:\WINNT\system32\WDBtnMgr.exe]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 04:51 172032]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-04-29 19:25:48 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_Dlls"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= vdrcodec.dll
"vidc.xvid"= xvid.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, msnsspc.dll, zwebauth.dll, digest.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=C:\WINNT\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SmartUI.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SmartUI.lnk
backup=C:\WINNT\pss\SmartUI.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Verizon Online Support Center.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Verizon Online Support Center.lnk
backup=C:\WINNT\pss\Verizon Online Support Center.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 03:56 15360 C:\WINNT\System32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
--a------ 2003-10-06 14:57 24576 C:\WINNT\system32\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GWMDMMSG]
--a------ 2002-05-06 20:12 65536 C:\WINNT\GWMDMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
--a------ 2002-08-12 12:07 36864 C:\Program Files\Scansoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-07-10 09:18 270648 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
--a------ 2001-08-23 17:52 331830 C:\Program Files\Microsoft Works\WksSb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
--a------ 2001-08-17 00:41 28738 C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDUiP6600DMon]
--a------ 2005-05-25 09:35 69632 C:\Program Files\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 06:24 286720 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]
--a------ 2003-01-09 09:21 253952 C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
--a------ 2003-01-13 10:19 757760 C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--a------ 2000-05-11 02:00 90112 C:\WINNT\UpdReg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDVDPatch]
--a------ 2003-10-06 14:57 24576 C:\WINNT\system32\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
--a------ 2003-05-06 23:07 24576 C:\Program Files\Microsoft Works\wkfud.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Macromedia\\Contribute 3\\Contribute.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\kav\\kis\\setup.exe"=
"C:\\WINNT\\system32\\sessmgr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R3 brfilt;Brother MFC Filter Driver;C:\WINNT\system32\Drivers\Brfilt.sys [2001-08-17 13:12]
R3 brparimg;Brother Multi Function Parallel Image driver;C:\WINNT\system32\DRIVERS\BrParImg.sys [2001-08-17 13:12]
R3 BrParWdm;Brother WDM Parallel Driver;C:\WINNT\system32\Drivers\BrParwdm.sys [2001-08-17 13:12]
R3 BrSerWDM;Brother WDM Serial driver;C:\WINNT\system32\Drivers\BrSerWdm.sys [2001-08-17 13:12]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINNT\system32\DRIVERS\klim5.sys [2007-12-13 13:28]

.
Contents of the 'Scheduled Tasks' folder
"2008-06-17 00:00:00 C:\WINNT\Tasks\Norton Internet Security - Run Full System Scan - Owner.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-20 12:57:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINNT\system32\BrmfRsmg.exe
.
**************************************************************************
.
Completion time: 2008-06-20 13:05:49 - machine was rebooted [Owner]
ComboFix-quarantined-files.txt 2008-06-20 17:05:44
ComboFix2.txt 2008-06-20 02:39:26
ComboFix3.txt 2008-06-19 05:48:43
ComboFix4.txt 2008-06-17 04:27:06
ComboFix5.txt 2008-06-15 20:09:17

Pre-Run: 19,659,542,528 bytes free
Post-Run: 19,656,450,048 bytes free

208 --- E O F --- 2008-06-20 16:20:04
Logfile of HijackThis v1.99.1
Scan saved at 01:02:15, on 2008-06-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\BRMFRSMG.EXE
C:\WINNT\system32\SK9910DM.EXE
C:\WINNT\system32\WDBtnMgr.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINNT\system32\ctfmon.exe
C:\WINNT\explorer.exe
C:\Documents and Settings\Owner\Desktop\Virus\alternativ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?rs=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft....k/?LinkId=54843
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: ConferenceRoom Java Client - http://chat.privatef...000/java/cr.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....119/CTSUEng.cab
O16 - DPF: {0BE0E0B4-3E03-4EB6-99B2-00948505A067} (Media Client ActiveX Installer) - http://www.downloadc...MCInstaller.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} (Stamps.com Secure Postal Account Registration) - http://www.stamps.co...45/sdcregie.cab
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} - http://gamingzone.ub...s/GSManager.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase9563.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yim...ctl_0_0_0_2.ocx
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.14...tiveXImgCtl.CAB
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.googl...gleActivate.cab
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {AB294EC6-7ADA-11D4-9D5F-00B0D04BBD07} (msichat50 Client Control) - http://www.ichat.com...ent/msichat.cab
O16 - DPF: {BE5431D2-0F30-11D4-89D9-00C04F509C0A} (SDCInstaller Class) - http://www.stamps.co...file=stamps.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.s...ta/SymAData.cab
O16 - DPF: {CE37E095-ACFF-4380-A856-A560D389E5E1} (XPLControlProject.XPLControl) - hcp://system/XPLControl.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} - https://www-secure.s.../ActiveData.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15008/CTPID.cab
O16 - DPF: {FDF6378C-7B5D-4ABF-BA1F-92748305FFAC} (DownloadManagerInstall Control) - http://beta.byteswar...1/DMInstall.cab
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: klogon - C:\WINNT\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINNT\system32\WPDShServiceObj.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: avp - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe



#17 Tomk


    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 22 June 2008 - 09:32 PM

boogiewoogie,

Log looks good :D


Time for some housekeeping
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK
  • Note the space between the X and the U, it needs to be there.
The above procedure will:
  • Delete the following:
    • ComboFix and its associated files and folders.
    • VundoFix backups, if present
    • The C:\Deckard folder, if present
    • The C:\_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Reset System Restore.


Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week
(Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

Use a Firewall - I can not stress how important it is that you use a Firewall on your computer.
Without a firewall your computer is susceptible to being hacked and taken over.
I am very serious about this and see it happen almost every day with my clients.
Simply using a Firewall in its default configuration can lower your risk greatly.

For a tutorial on Firewalls and a listing of some available ones see the link below:

Understanding and Using Firewalls

Keep Microsoft Windows Updated - This will ensure your computer always has the latest security updates available installed. The easiest way to do this is to turn on Automatic Updates. Do this by:
  • From your desktop, right-click on My Computer,
  • click on Properties
  • Select the Automatic Updates tab
  • Click on Automatic
  • Click on Apply button
  • Click on OK to exit.
If there are new updates to install, install them immediately, until there are no more critical updates.

Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer
settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware

IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

Using IE-SPYAD to help block unwanted sites and activities

Winpatrol


Update all these programs regularly - Make sure you update all the programs I have listed regularly.
Without regular updates you WILL NOT be protected when new malicious programs are released.


Only run one Anti-Virus and Firewall program.

I would also suggest you read this:
So how did I get infected in the first place?
by Tony Klein

Please respond back that you understand the above and let me know if you have any questions. Otherwise, this thread will be closed Resolved. :thumbup:
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#18 boogiewoogie


    New Member

  • 11 posts

Posted 23 June 2008 - 02:01 PM

Great. Thank you sooo much. I really don't know what I would have done without your help. I will indeed take all your advice and use it! Is there anything I can do to help your cause? Donation? Let me know. Take care and the best of luck!

#19 Tomk


    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 23 June 2008 - 02:41 PM

boogiewoogie,

You're welcome. Glad we could help.

Even though everyone here volunteers their time, donations are gladly accepted to offset costs of equipment, etc. to run the site. If this is something you would like to do, you can click the following link:
Donate

Good Luck and be well. :thumbup:
Tomk

#20 Trevuren


    Teacher Emeritus

  • Authentic Member
  • 8,632 posts
  • Interests:Woodworking

Posted 25 June 2008 - 06:26 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.
Microsoft MVP Consumer Security 2008 - 2009